Cisco Nexus 1000V Release Notes, Release 4.2(1)SV1(4b)

Updated: August 1, 2013

Part Number: OL-22822-03 E0

This document describes the features, limitations, and caveats for the Cisco Nexus 1000V Release 4.2(1)SV1(4b) software. Use this document in combination with documents listed in the "Available Documents" section. The following is the change history for this document.

Introduction

The Cisco Nexus 1000V provides a distributed, Layer 2 virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.

Software Compatibility

Software Compatibility with VMware

The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of Cisco Nexus 1000V supports vSphere 4.0.0, 4.1.0 and 5.0.0 release trains. For additional compatibility information, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4b).

Note: All virtual machine network adapter types that VMware vSphere supports are supported with Cisco Nexus 1000V. Refer to the VMware documentation when choosing a network adapter. For more information, see the VMware Knowledge Base article #1001805.

Software Compatibility with Cisco Nexus 1000V

This release supports nondisruptive software upgrades from Release 4.0(4)SV1(3) and later releases. Upgrades are supported from 4.0(4)SV1(3) and earlier releases. For additional information, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4b).

Single VMware Data Center Support

The Cisco Nexus 1000V can be connected to a single VMware vCenter Server data center object. Note that this virtual data center can span across multiple physical data centers.

vMotion of VSM

vMotion of the VSM has the following limitations and restrictions:

•vMotion of a VSM is supported for both the active and standby VSM VMs. For high availability, we recommend that the active VSM and standby VSM reside on separate hosts.

•If you enable Distributed Resource Scheduler (DRS), then you must use the VMware anti-affinity rules to ensure that the two virtual machines are never on the same host, and that a host failure cannot result in the loss of both the active and standby VSM.

•VMware vMotion does not complete when using an open virtual appliance (OVA) VSM deployment if the CD image is still mounted. To complete the vMotion, either click Edit Settings on the VM to disconnect the mounted CD image, or power off the VM. No functional impact results from this limitation.

•If you are adding one host in a DRS cluster that is using vSwitch to a VSM, you must move the remaining hosts in the DRS cluster to the VSM. Otherwise, the DRS logic does not work, the VMs that are deployed on the VEM could be moved to a host in the cluster that does not have VEM, and the VMs lose network connectivity.

For more information about vMotion of VSM, see the Cisco Nexus 1000V Software Installation Guide, Release 4.2(1)SV1(4b).

VMware Lab Manager

VMware Lab Manager does not support using the Cisco Nexus 1000V.

Upgrades

When you upgrade to Cisco NX-OS Release 4.2(1)SV1(4b), you need to follow a different upgrade path depending on whether you start from Release 4.0(4)SV1(3) and its maintenance updates, or from Release 4.2(1)SV1(4) and its updates. In the former case, you must upgrade the VEMs before the VSM; in the latter case, you should follow the regular ISSU flow of upgrading the VSM first.

For more information about VMware compatibility, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4b).

Note: If you need to upgrade from Cisco NX-OS Release 4.0(4)SV1(3x) to Cisco NX-OS Release 4.2(1)SV1(5.1), you must first upgrade to Release 4.2(1)SV1(4b) and then upgrade immediately to Release 4.2(1)SV1(5.1). In this upgrade path, Release 4.2(1)SV1(4b) serves only as a transitory release.

Note: If customers are running Release 4.2(1)SV1(4b) in a production environment and they want to upgrade to a 4.2(1)SV1(5.x) release, we recommend upgrading to Release 4.2(1)SV1(5.2) or a later release.

Access Lists

ACLs have the following limitations and restrictions:

Limitations:

•IPV6 ACL rules are not supported.

•VLAN-based ACLs (VACLs) are not supported.

•ACLs are not supported on port channels.

Restrictions:

•IP ACL rules do not support the following:

–fragments option

–addressgroup option

–portgroup option

–interface ranges

•Control VLAN traffic between the VSM and VEM does not go through ACL processing.

NetFlow

The NetFlow configuration has the following support, limitations, and restrictions:

•Layer 2 match fields are not supported.

•NetFlow Sampler is not supported.

•NetFlow Exporter format V9 is supported.

•NetFlow Exporter format V5 is not supported.

•The multicast traffic type is not supported. Cache entries are created for multicast packets, but the packet/byte count does not reflect replicated packets.

•NetFlow is not supported on port channels.

The NetFlow cache table has the following limitation:

•Immediate and permanent cache types are not supported.

Note: The cache size that is configured using the CLI defines the number of entries, not the size in bytes. The configured entries are allocated for each processor in the ESX host and the total memory allocated depends on the number of processors.

Port Security

Port security has the following support, limitations, and restrictions:

•Port security is enabled globally by default. The feature/no feature port-security command is not supported.

•In response to a security violation, you can shut down the port.

•The port security violation actions that are supported on a secure port are Shutdown and Protect. The Restrict violation action is not supported.

•Port security is not supported on the PVLAN promiscuous ports.

Port Profiles

Port profiles have the following restrictions or limitations:

•There is a limit of 255 characters in a port-profile command attribute.

•We recommend that you save the configuration across reboots, which will shorten the VSM bringup time.

•We recommend that if you are altering or removing a port channel, you migrate the interfaces that inherit the port channel port profile to a port profile with the desired configuration, rather than editing the original port channel port profile directly.

•If you attempt to remove a port profile that is in use, that is, one that has already been auto-assigned to an interface, the Cisco Nexus 1000V generates an error message and does not allow the removal.

•When you remove a port profile that is mapped to a VMware port group, the associated port group and settings within the vCenter Server are also removed.

•Policy names are not checked against the policy database when ACL/NetFlow policies are applied through the port profile. It is possible to apply a nonexistent policy.

•Port-profile migration can fail if you attempt to migrate 100 or more ports from one port group to another on the same host. This issue can occur if there are 160 vEth interfaces present on a host and you attempt to move 100 or fewer port profiles on the same host. To avoid this issue, reduce the number of interfaces being migrated at one time. Approximately 10 interfaces can be migrated at one time.

Telnet Enabled by Default

The Telnet server is enabled by default.

For more information about Telnet, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4b).

SSH Support

Only SSH version 2 (SSHv2) is supported.

For more information, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4b).

Cisco NX-OS Commands Might Differ from Cisco IOS

Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.

No Spanning Tree Protocol

The Cisco Nexus 1000V forwarding logic is designed to prevent network loops so it does not need to use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.

Cisco Discovery Protocol

The Cisco Discovery Protocol (CDP) is enabled globally by default.

CDP runs on all Cisco-manufactured equipment over the data link layer and does the following:

•Advertises information to all attached Cisco devices.

•Discovers and views information about those Cisco devices.

–CDP can discover up to 256 neighbors per port if the port is connected to a hub with 256 connections.

If you disable CDP globally, then CDP is also disabled for all interfaces.

For more information about CDP, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4b).

DHCP Not Supported for the Management IP

DHCP is not supported for the management IP. The management IP must be configured statically.

LACP

The Link Aggregation Control Protocol (LACP) is an IEEE standard protocol that aggregates Ethernet links into an EtherChannel.

Cisco Nexus 1000V has the following restrictions for enabling LACP on ports carrying the control and packet VLANs:

Note: These restrictions do not apply to other data ports using LACP.

•If LACP offload is disabled, at least two ports must be configured as part of LACP channel.

Note: This restriction is not applicable if LACP offload is enabled. You can check the LACP offload status using the show lacp offload status command.

•The upstream switch ports must be configured in spanning-tree port type edge trunk mode. For more information about this restriction, see Upstream Switch Ports.

Upstream Switch Ports

Without spanning-tree portfast on upstream switch ports, it takes approximately 30 seconds to recover these ports on the upstream switch. Because these ports are carrying control and packet VLANs, VSM loses connectivity to the VEM.

The following commands are available to use on Cisco upstream switch ports in interface configuration mode:

•spanning-tree portfast

•spanning-tree portfast trunk

•spanning-tree portfast edge trunk

DNS Resolution

The Cisco Nexus 1010 (1000V) cannot resolve a domain name or hostname to an IP address.

Interfaces

When the maximum transmission unit (MTU) is configured on an operationally up interface, the interface goes down and comes back up.
